﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Mvc;

using RushTracker.Core.Models;
using RushTracker.Core.Util;
using RushTracker.Core.Security;
using System.Web.Security;

namespace RushTracker.Web.UI.Controllers
{
    public class UsersController : RushTrackerController
    {
        // GET /signup
        public ActionResult Create()
        {
            return View();
        }

        // POST /signup
        [HttpPost]
        public string Create(FormCollection form)
        {
            User u = new User();
            u.Username = form["username"].Trim();
            u.Key = KeyGenerator.Generate();
            u.Password = SHA256HashGenerator.Generate(form["password"].Trim(), u.Key);
            u.Email = form["email"].Trim();

            DataRepository.SaveObject(u);
            DataRepository.Flush();

            return "User created: " + u.Id;
        }

        // GET /login
        public string Login()
        {
            return "login";
        }

        // POST /login
        [HttpPost]
        public ActionResult Login(FormCollection form)
        {
            string username = form["username"].Trim();
            string password = form["password"].Trim();

            User u = DataRepository.GetUserByUsername(username);

            if (u != null)
            {
                User ru = DataRepository.GetUserByUsernameAndPassword(username, RushTracker.Core.Util.SHA256HashGenerator.Generate(password, u.Key));

                if (ru != null && ru.IsActivated)
                {
                    u.LastLoginDate = DateTime.Now;
                    u.LastActivityDate = u.LastLoginDate;
                    u.IsAuthenticated = true;

                    DataRepository.UpdateObject(u);

                    // set cookie
                    HttpContext.User = new RushTrackerPrincipal(u);
                    FormsAuthentication.SetAuthCookie(u.Name, true);
                }
            }

            return RedirectToAction("Index", "Home");
        }

        // GET /logout
        public ActionResult Logout()
        {
            if (HttpContext.User != null && HttpContext.User.Identity.IsAuthenticated)
            {
                FormsAuthentication.SignOut();
            }

            return RedirectToAction("Index", "Home");
        }

        // GET /profile/1
        public string View(int userId)
        {
            return "Viewing user profile: " + userId;
        }

        // GET /profile/edit/1
        public ActionResult Edit(int userId)
        {
            var user = DataRepository.GetObjectById<User>(((User)HttpContext.User.Identity).Id);
            return View(user);
        }

        // POST /profile/edit/1
        [HttpPost]
        public ActionResult Edit(int userId, FormCollection form)
        {
            var user = DataRepository.GetObjectById<User>(((User)HttpContext.User.Identity).Id);

            if (!string.IsNullOrEmpty(form["password"]) && !string.IsNullOrEmpty(form["passwordrepeat"]) && form["password"] == form["passwordrepeat"])
            {
                user.Password = SHA256HashGenerator.Generate(form["password"], user.Key);
            }

            user.Email = form["email"];

            DataRepository.UpdateObject(user);

            return RedirectToAction("Index", "Users");
        }
    }
}
